<?php
session_start();
require_once ('../init.php');
require_once ('includes/lib/func_rightCtrl.php');
require_once ('includes/lib/func_register.php');
// 权限控制
admin_rightCtrl();
$resetUrl = '/afctf/admin/resetpw.php?action=resetpw';
if($_SESSION['level'] == 0){
	require_once ('includes/views/root_header.php');
	echo <<<EOT
		<div class="container">
		<link href="/afctf/css/announce.css" rel="stylesheet" type="text/css" media="all"/>
			<form class="layui-form main" method='POST' action='/afctf/admin/resetpw.php?action=admin'>
				<blockquote class="layui-elem-quote">管理员密码重设</blockquote>
				<div class="layui-form-item" style="margin-top:30px;margin-bottom:30px">
					<label class="layui-form-label">用户名</label>
					<div class="layui-input-block">
						<input name="opname" type="text" required  lay-verify="required" placeholder="请输入管理员的用户名" autocomplete="off" class="layui-input" maxlength="14">
					</div>
				</div>
				<div style="text-align:center;margin-left:auto; margin-right:auto;margin-bottom:25px">
		            <input class="submit layui-btn" type="submit"  value="提交">
		        </div>
			</form>
			<form class="layui-form main" method='POST' action='/afctf/admin/resetpw.php?action=user'>
				<blockquote class="layui-elem-quote">用户密码重设</blockquote>
				<div class="layui-form-item" style="margin-top:30px;margin-bottom:30px">
					<label class="layui-form-label">用户uid</label>
					<div class="layui-input-block">
						<input name="uid" type="text" required  lay-verify="required" placeholder="请输入用户的id号" autocomplete="off" class="layui-input" maxlength="10">
					</div>
				</div>
				<div class="layui-form-item" style="margin-top:30px;margin-bottom:30px">
					<label class="layui-form-label">验证码</label>
					<div class="layui-input-block">
						<input name="verify" type="text" required  lay-verify="required" placeholder="请输入验证码" autocomplete="off" class="layui-input" style="width:80%;float:left" maxlength="5">
                        <img id="checkcode-img" src="/afctf/includes/lib/checkcode.php" style="width:20%" onclick="this.src='/afctf/includes/lib/checkcode.php?action=refresh'"/>
                    </div>
				</div>
				<div style="text-align:center;margin-left:auto; margin-right:auto;margin-bottom:25px">
		            <input class="submit layui-btn" type="submit"  value="提交">
		        </div>
			</form>
		</div>
		<script type="text/javascript">
			$("#a_home").removeClass("active");
			$("#a_reset").addClass("active");
		</script>
EOT;
	if(@$_GET['action'] == 'admin'){
		$opname = $_POST['opname'];
		$salt = getrandstr(32);
		$randPw = getrandstr(8);
		$hashpassword = hash('sha256',$randPw.$salt);
		$pw_update = "UPDATE `admin` SET `salt` = :salt,`passwd_hash` = :hashpassword WHERE `operator_name` = :operator_name";
		$sth_pwupdate = $dbh->prepare($pw_update);
		$sth_pwupdate ->bindParam(":salt",$salt);
		$sth_pwupdate ->bindParam(":hashpassword",$hashpassword);
		$sth_pwupdate ->bindParam(":operator_name",$opname);
		$sth_pwupdate ->execute();
		if($sth_pwupdate -> rowCount() == 0){
        	msg_display('输入的用户名错误','error',$resetUrl);
		}
		msg_alert('管理员用户名为：'.$opname.'</br>重置后的随机密码为: '.$randPw,'success',$resetUrl);
	}
	if(@$_GET['action'] == 'user'){
		$uid = $_POST['uid'];
		$verify = $_POST['verify'];
		$code = $_SESSION['code'];
		// 使用完验证码之后清除
	    unset($_SESSION['code']);
	    // 检查验证码是否正确
	    if(strnatcasecmp($verify,$code)){
	        msg_display('验证码错误','error',$resetUrl);
	    }
		$salt = getrandstr(32);
		$randPw = getrandstr(8);
		$hashpassword = hash('sha256',$randPw.$salt);
		$pw_update = "UPDATE `user` SET `salt` = :salt,`passwd_hash` = :hashpassword WHERE `uid` = :uid";
		$sth_pwupdate = $dbh->prepare($pw_update);
		$sth_pwupdate ->bindParam(":salt",$salt);
		$sth_pwupdate ->bindParam(":hashpassword",$hashpassword);
		$sth_pwupdate ->bindParam(":uid",$uid);
		$sth_pwupdate ->execute();
		if($sth_pwupdate -> rowCount() == 0){
        	msg_display('输入的用户名错误','error',$resetUrl);
		}
		msg_alert('用户id为：'.$uid.'</br>重置后的随机密码为: '.$randPw,'success',$resetUrl);
	}
require_once ('includes/views/footer.php');
}
elseif ($_SESSION['level'] == 1) {
	require_once ('includes/views/admin_header.php');
	echo <<<EOT
		<div class="container">
		<link href="/afctf/css/announce.css" rel="stylesheet" type="text/css" media="all"/>
			<form class="layui-form main" method='POST' action='/afctf/admin/resetpw.php?action=admin'>
				<blockquote class="layui-elem-quote">管理员密码修改</blockquote>
				<div class="layui-form-item" style="margin-top:30px;margin-bottom:30px">
					<label class="layui-form-label">旧密码</label>
					<div class="layui-input-block" style="margin-bottom:10px">
						<input name="oldpw" type="password" required  lay-verify="required" placeholder="请输入你的旧密码" autocomplete="off" class="layui-input" maxlength="16">
					</div>
					<label class="layui-form-label">新密码</label>
					<div class="layui-input-block" style="margin-bottom:10px">
						<input name="newpw1" type="password" required  lay-verify="required" placeholder="请输入你的新密码" autocomplete="off" class="layui-input" maxlength="16">
					</div>
					<label class="layui-form-label">新密码</label>
					<div class="layui-input-block" style="margin-bottom:10px">
						<input name="newpw2" type="password" required  lay-verify="required" placeholder="请再次输入你的新密码" autocomplete="off" class="layui-input" maxlength="16">
					</div>
				</div>				
				<div style="text-align:center;margin-left:auto; margin-right:auto;margin-bottom:25px">
		            <input class="submit layui-btn" type="submit"  value="提交">
		        </div>
			</form>
			<form class="layui-form main" method='POST' action='/afctf/admin/resetpw.php?action=user'>
				<blockquote class="layui-elem-quote">用户密码重设</blockquote>
				<div class="layui-form-item" style="margin-top:30px;margin-bottom:30px">
					<label class="layui-form-label">用户uid</label>
					<div class="layui-input-block">
						<input name="uid" type="text" required  lay-verify="required" placeholder="请输入用户的id号" autocomplete="off" class="layui-input" maxlength="10">
					</div>
				</div>
				<div class="layui-form-item" style="margin-top:30px;margin-bottom:30px">
					<label class="layui-form-label">验证码</label>
					<div class="layui-input-block">
						<input name="verify" type="text" required  lay-verify="required" placeholder="请输入验证码" autocomplete="off" class="layui-input" style="width:80%;float:left" maxlength="5">
                        <img id="checkcode-img" src="/afctf/includes/lib/checkcode.php" style="width:20%" onclick="this.src='/afctf/includes/lib/checkcode.php?action=refresh'"/>
                    </div>
				</div>		
				<div style="text-align:center;margin-left:auto; margin-right:auto;margin-bottom:25px">
		            <input class="submit layui-btn" type="submit"  value="提交">
		        </div>
			</form>
		</div>
		<script type="text/javascript" src="../layui/layui.all.js"></script>
		<script type="text/javascript">
			layui.use('element', function()){
				var $ = layui.jquery
		  		,element = layui.element; //Tab的切换功能，切换事件监听等，需要依赖element模块
			}
		</script>
		<script type="text/javascript">
			$("#a_home").removeClass("active");
			$("#a_reset").addClass("active");
		</script>
EOT;
	if(@$_GET['action'] == 'admin'){
		$aid = $_SESSION['aid'];
		$oldpw = $_POST['oldpw'];
		$newpw1 = $_POST['newpw1'];
		$newpw2 = $_POST['newpw2'];
		// 检查密码
	    $passwdStatus = check_password($newpw1,$newpw2);
	    if ($passwdStatus === 2){
	        msg_display('两次填写的密码不一致','error',$resetUrl);
	    }elseif ($passwdStatus === 3) {
	        msg_display('密码的长度需要在6~16之间','error',$resetUrl);
	    }elseif ($passwdStatus === 4) {
	        msg_display('密码只能使用英文字母数字以及!@#$%^&*()_等字符','error',$resetUrl);
	    }
		// 校验旧密码是否正确
		$oldpw_query   = "SELECT `salt`,`passwd_hash` FROM `admin` WHERE `aid` = :aid";
		$sth_oldpw     = $dbh->prepare($oldpw_query);
		$sth_oldpw -> bindParam(":aid",$aid);
		$sth_oldpw -> execute();
		$result        = $sth_oldpw -> fetch();

	    $db_salt = $result['salt'];
	    $db_hash = $result['passwd_hash']; 
	    // 对用户提交的旧密码作处理
		$password_hash = hash('sha256',$oldpw.$db_salt);
		if($password_hash === $db_hash){
			// 校验正确，更新密码
			$salt = getrandstr(32);
			$hashpassword = hash('sha256',$newpw1.$salt);
			$pw_update = "UPDATE `admin` SET `salt` = :salt,`passwd_hash` = :hashpassword WHERE `aid` = :aid";
			$sth_pwupdate = $dbh->prepare($pw_update);
			$sth_pwupdate ->bindParam(":salt",$salt);
			$sth_pwupdate ->bindParam(":hashpassword",$hashpassword);
			$sth_pwupdate ->bindParam(":aid",$aid);
			try {
				$sth_pwupdate ->execute();
			}catch (Exception $e) {
		        msg_display('错误代码333，请联系管理员','error',$resetUrl);
		    }
			msg_alert('修改管理员密码成功','success',$resetUrl);
		}
		else{
			msg_alert('旧密码错误，请重新输入','error',$resetUrl);
		}
		
	}
	if(@$_GET['action'] == 'user'){
		$uid = $_POST['uid'];
		$verify = $_POST['verify'];
		$code = $_SESSION['code'];
		// 使用完验证码之后清除
	    unset($_SESSION['code']);
	    // 检查验证码是否正确
	    if(strnatcasecmp($verify,$code)){
	        msg_display('验证码错误','error',$resetUrl);
	    }
		$salt = getrandstr(32);
		$randPw = getrandstr(8);
		$hashpassword = hash('sha256',$randPw.$salt);
		$pw_update = "UPDATE `user` SET `salt` = :salt,`passwd_hash` = :hashpassword WHERE `uid` = :uid";
		$sth_pwupdate = $dbh->prepare($pw_update);
		$sth_pwupdate ->bindParam(":salt",$salt);
		$sth_pwupdate ->bindParam(":hashpassword",$hashpassword);
		$sth_pwupdate ->bindParam(":uid",$uid);
		if($sth_pwupdate -> rowCount() == 0){
        	msg_display('输入的用户名错误','error',$resetUrl);
		}
		msg_alert('用户id为：'.$uid.'</br>重置后的随机密码为: '.$randPw,'success',$resetUrl);
	}
require_once ('includes/views/footer.php');
}